Sharing personal data with data brokers or other businesses partners? French regulator, CNIL, has new guidelines for you to follow.
- The individual whose data is shared must give consent before any transmission to partners.
- The individual must be able to identify the partners, recipients of the data, from the form from which the data collection is carried out.
- You can either:
- Present a regularly updated exhaustive list which is visible directly on the form; or if too long
- Present a link referring to the list as well as the privacy policies of the partners.
- The individual must be informed of changes in the list of partners and especially the arrival of new partners.
- The consent collected by the company collecting the data on behalf of its partners is only valid for them. The partners can not send the information received to their own partners, without again collecting informed consent of the individuals.
- Partners must indicate, at their first communication, how to exercise their rights, in particular of opposition, as well as the source from which the data used come from.